Table 1


Printing History 

The manual printing date and part number indicate its current edition. 
The printing date will change when a new edition is printed. Minor 
changes may be made at reprint without changing the printing date. The
manual part number will change when extensive changes are made. 

Manual updates may be issued between editions to correct errors or 
document product changes. To ensure that you receive the updated or 
new editions, you should subscribe to the appropriate product support 
service. See your HP sales representative for details. 

First Edition: September 1999 (HP-UX Release 10.20) 

Product Numbers 


Description                                                  Number

LDAP-UX Integration (NIS/LDAP Gateway server B.01.00 and     J4269AA
LDAP-UX Client Administration Tools B.01.00)


Related Documentation 

For additional information, see the following: 

• Installing and Administering NIS/LDAP Gateway (J4269-90001)
available at http://docs.hp.com/hpux/internet.

• NIS/LDAP Gateway README file available after you install the
product at /opt/ldapux/README-ypldapd.

• Client Administration Tools README file available after you install
the product at /opt/ldapux/README-client.

• Installing and Administering NFS Services discusses NIS available
at http://docs.hp.com/hpux/communications.

• Netscape Directory Server for HP-UX Administrator's Guide and other
titles available at http://docs.hp.com/hpux/internet.

• Manual pages using the man(1) command ypldapd(8), ypserv(1M),
ypfiles(4) and other related NIS man pages.
What's In this Version?

This product consists of two sub-products: 

• NIS/LDAP Gateway

• NIS/LDAP Client Administration Tools


NOTE The NIS/LDAP Gateway does not include an LDAP directory server. You
can obtain the single-server Netscape Directory Server 4.x for HP-UX -
Lite Edition from http://www.software.hp.com, or the fully functioning
directory server from your local HP sales office. These directories
currently only run on HP-UX 11.0. Other directories that support LDAP
can also be used with this product.


NIS/LDAP Gateway Overview

The NIS/LDAP Gateway helps HP-UX servers and workstations more
closely integrate with an LDAP directory. Specifically this product allows
an NIS client to use an LDAP directory as its repository for NIS maps.
This product provides an NIS to LDAP Gateway which converts NIS rpc
requests into LDAP operations.

The main component of the NIS/LDAP Gateway is ypldapd, a
replacement for ypserv, the NIS server. This product caches the NIS data
to maintain good performance. This product is compatible with the
RFC2307 specification (a schema for storing posix account and
administration data in an LDAP directory.)

Because the NIS/LDAP Gateway product emulates a ypserv, your NIS
clients can start using an LDAP directory without modification.
However, with this product you cannot modify your LDAP account
information from an NIS client (that is, you cannot use chfn(1), chsh(1) or
passwd(1) to change your account information.) To achieve this, install
the NIS/LDAP Client sub-product on some or all of your NIS clients.
NIS/LDAP Gateway HP-UX Release Notes

NIS/LDAP Client Administration Tools Overview 

The NIS/LDAP Client Administration Tools help HP-UX servers and
workstations more closely integrate with an LDAP directory. Specifically
this product allows NIS clients using the NIS/LDAP Gateway to do
minimal LDAP directory administration, such as changing a user's
password in the LDAP directory. Because NIS clients cannot directly
modify an LDAP directory, this product provides tools that allow basic
data management in the LDAP directory. This product contains:

• Migration scripts that convert NIS maps or corresponding /etc files
into LDIF files that can be imported into an LDAP directory.

• Basic LDAP administration tools, ldapmodify, ldapsearch, ldapdelete
and ldappasswd.

• Entry management tools which allow users to create or modify
directory entries. These tools are currently not supported.

Because the NIS/LDAP Gateway product emulates an NIS server, your 
NIS clients can start using an LDAP directory without installing this 
product. However you may want to install this product on your NIS 
clients to allow your users to modify their directory data, such as 
changing their password. 

Compatibility and Installation Requirements 

Before installing these products, please read Installing and
Administering NIS/LDAP Gateway.

Hardware Requirements 

An HP 9000 Computer System. 

Memory Requirements 

This product has minimal memory and disk requirements. Your system 
should have at least 32 MB of main memory, and at least five megabytes
of free disk space under /opt. 

Depending on the size of your NIS maps and if you wish to cache that 
data in the NIS/LDAP Gateway server, you will need additional physical 
main memory, approximately two to three times the total size of your 
existing NIS maps. 

Operating System Requirement 

• HP-UX 10.20 

Patch Requirements 

This product has no specific patch requirements. 

Patches can be obtained from the HP Electronic Support Center web
page at the URL http://us-support.external.hp.com/ or
http://europe-support.external.hp.com/ or through your HP support
representative.

Installing and Configuring the NIS/LDAP Gateway 

This section provides basic instructions for installing the NIS/LDAP
Gateway. For complete installation and configuration instructions, see
Installing and Administering NIS/LDAP Gateway.

Preparing for Installation 

Verify you have at least five megabytes of free disk space under /opt. 

Installing the NIS/LDAP Gateway 

Use the SD-UX facility for installation. See the swinstall(1M) man page
for details.

Step 1. Log in to your system as root.

Step 2. If a ypldapd server is already running on your system, terminate it with
the kill(1) command.

Step 3. Run swinstall and install the NIS/LDAP Gateway server. This installs
the product software in /opt/ldapux and /etc/opt/ldapux. No re-boot is
required.

Configuration Quick Start 

If your posix data (NIS maps) have been migrated to an LDAP directory,
you can set up a ypldapd server with only a few steps. If you have not
migrated your NIS maps to the LDAP directory, see Installing and
Administering NIS/LDAP Gateway.

• If you have already configured other NIS/LDAP Gateway servers on
other systems, you can simply duplicate the configuration file
/opt/ldapux/ypldapd/etc/ypldapd.conf on the local system.

• Otherwise, copy the file /opt/ldapux/ypldapd/etc/ypldapd.conf.sample
to /opt/ldapux/ypldapd/etc/ypldapd.conf and add the appropriate
values according to the descriptions in the file. Minimally you will
need to update the ypdomain, ldaphost, basedn, binddn and bindcred
parameters. If you have a large LDAP database and you are using
11.00 NIS clients, you should set preload_maps to preload_maps
group. The user you identify in the binddn must be an LDAP
directory user that is allowed to read the userpassword attribute.

• If the NIS domain you use is the same as the domain being used by an
existing NIS server, you must stop and disable the NIS server. You
can do this by changing NIS_SLAVE_SERVER and NIS_MASTER_SERVER
to 0 in the /etc/rc.config.d/namesvrs file. Then execute the command
/sbin/init.d/nis.server stop to stop the NIS server.

Once your NIS/Gateway server is running, you can test your setup with a
ypcat(1) command, such as ypcat group. You may need to wait (up to a
minute) as the ypbind(1M) process attempts to find the new NIS/LDAP
Gateway server.

Installing and Configuring the NIS/LDAP Client 
Administration Tools 

This section provides basic instructions for installing the NIS/LDAP
Client Administration Tools. For complete installation and configuration
instructions, see Installing and Administering NIS/LDAP Gateway.

Preparing for Installation 

Verify you have at least five megabytes of free disk space under /opt. 

Installing the NIS/LDAP Client Administration Tools 

Use the SD-UX facility for installation. See the swinstall(1M) man page
for details.

Step 1. Log in to your system as root.

Step 2. Run swinstall and install the NIS/LDAP Client Administration Tools
server. This installs the product software in /opt/ldapux and
/etc/opt/ldapux. No re-boot is required.

Configuration Quick Start 

This product does not require any specific configuration. However, once 
you have installed the product, read the file 
/opt/ldapux/contrib/bin/README for instructions on how to create 
configuration files that will simplify LDAP directory administration from 
your NIS/LDAP Gateway clients. 

You may also wish to create a front-end script to the ldappasswd
command, to hide the LDAP directory from the average HP-UX user.
Below are two examples you can cut and paste into a passwd shell script:

#!/usr/bin/ksh
# Template: substitute your base DN, LDAP server host name and port.
/opt/ldapux/bin/ldappasswd -b "your_base_DN" -h "ldap_server_host_name" \
    -p "ldap_port"

#!/usr/bin/ksh
# The same script filled in with sample values.
/opt/ldapux/bin/ldappasswd -b "ou=people,o=hp.com" -h "dirserver.lab.hp.com" \
    -p 389

Documentation 

The documentation listed below is available for the NIS/LDAP Gateway.

Where to Find the Documentation

Most of the documentation is available on the HP-UX Documentation
web site at http://docs.hp.com/hpux/internet.

Documentation Titles 

The following documentation titles are available at the locations given 
above or as listed. 

Documentation for Netscape Directory Server 4.0 for HP-UX

Title                           Description

Installing and Administering    How to install, configure, administer, tune, and
NIS/LDAP Gateway                troubleshoot the NIS/LDAP Gateway (part
                                number J4269-90001).

README files                    /opt/ldapux/README-ypldapd briefly describes
                                the NIS/LDAP Gateway.
                                /opt/ldapux/README-client describes the
                                NIS/LDAP Client Administration Tools.
                                /opt/ldapux/contrib/bin/README describes some
                                unsupported tools for LDAP directory
                                administration.

NIS/LDAP Gateway                This document (part number J4269-90002).
Release Notes

Installing and Administering    Discusses NIS, available at
NFS Services                    http://docs.hp.com/hpux/communications.

Netscape Directory Server       Discusses the Netscape Directory Server for
Administrator's Guide           HP-UX.

Known Problems and Workarounds 

This section describes all known problems with the NIS/LDAP Gateway 
product. 

LDAP Command Utilities 

The LDAP command utilities ldapsearch and others only work when
executed from a working directory under /opt/ldapux/bin. Otherwise,
the dynamic loader, dld.sl, will display an error message indicating it
cannot find a library. Resolve this problem by setting your SHLIB_PATH
environment variable to the contents of the file /etc/SHLIB_PATH. For
example, execute the following command or add it to your .profile or
other initialization file: (Defect number JAGaa42521)

export SHLIB_PATH=$(</etc/SHLIB_PATH) 

ypldapd Aborts on Non-Existent Maps 

If you execute ypcat(1) on a map that isn't served by the NIS/LDAP
Gateway, ypldapd aborts and creates a core file. If ypall_caching=on in
the ypldapd.conf configuration file (which is not recommended), you will
have to restart ypldapd. See also "Use Preloaded Maps instead of
ypall_caching" on page 14.

Migration Scripts 

You must run the migration scripts in the directory /opt/ldapux/migrate.
(JABab53883)

preload_cache Parameter not Described in ypldapd(8)
Man Page

The preload_cache parameter is not listed in the ypldapd(8) man page.
For information on preload_cache and the other configuration
parameters to the NIS/LDAP Gateway, see Installing and Administering
NIS/LDAP Gateway.

Limitations in the NIS/LDAP Gateway 

The following are limitations in this version of the NIS/LDAP Gateway.

Crypt Passwords 

The NIS/LDAP Gateway product requires that user passwords be stored
in the directory server in the same format as stored in an /etc/passwd
file. This is known as "Unix Crypt" format. If your directory server does
not understand the {crypt} data type, you can still use the NIS/LDAP
Gateway server. However, these users will not be able to authenticate to
the directory server. One side effect is that users will not be able to
change their own passwords (although a directory administrator could
accomplish this on a user's behalf.) Also, other LDAP enabled
applications may not work correctly.

Modifying Data in the Directory 

You cannot use the chfn(1) and chsh(1) and passwd(1) commands to
modify data in the directory.

NIS and NIS/LDAP Gateway 

You cannot run an NIS server (ypserv) and an NIS/LDAP Gateway 
server (ypldapd) simultaneously on the same system. 

Shadow Passwords Not Supported 

You must set the hide_passwords parameter to "no" in the ypldapd.conf
file because shadow passwords are not supported. See Installing and
Administering NIS/LDAP Gateway for details.

Use Preloaded Maps instead of ypall_caching

You should use the preload_maps parameter to preload maps into the
cache instead of ypall_caching. Use of ypall_caching can cause a
performance bottleneck in the ypldapd server. For more information, see
"Caching" in Installing and Administering NIS/LDAP Gateway.
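
The parameter rules from Configuration Quick Start and from the limitations above can be checked mechanically. The script below is an added example, not part of the HP product or of these release notes; it assumes ypldapd.conf holds one "name value" or "name=value" setting per line and that bindcred carries the bind password, and conf_get and lint_ypldapd_conf are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not HP's code): lint a ypldapd.conf against these release notes.
# Assumption: one "name value" or "name=value" setting per line, "#" comment lines.

# conf_get FILE NAME: print the last value given for NAME (empty if unset)
conf_get() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            n = $0; sub(/[ \t=].*/, "", n)       # name ends at first blank or "="
            v = substr($0, length(n) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", v)        # drop the separator
            gsub(/^"|"$/, "", v)                 # drop surrounding quotes
            if (n == want) val = v
        }
        END { print val }' "$1"
}

# lint_ypldapd_conf FILE: print findings, return how many there were
lint_ypldapd_conf() {
    f=$1; findings=0
    report() { echo "$f: $*"; findings=$((findings + 1)); }
    for key in ypdomain ldaphost basedn binddn bindcred; do
        [ -n "$(conf_get "$f" "$key")" ] || report "required parameter $key is not set"
    done
    [ "$(conf_get "$f" ypall_caching)" = on ] &&
        report "ypall_caching=on is not recommended; preload maps with preload_maps"
    [ "$(conf_get "$f" hide_passwords)" = no ] ||
        report "hide_passwords must be no (shadow passwords are not supported)"
    # Assumption: bindcred holds the bind password, so others should not read the file
    [ -n "$(find "$f" -perm -004 -print)" ] &&
        report "file is world-readable but contains bindcred"
    return "$findings"
}

# Constructed sample: bindcred missing, ypall_caching on, hide_passwords wrong
sample=${TMPDIR:-/tmp}/ypldapd.conf.sample.$$
cat > "$sample" <<'EOF'
ypdomain example-domain
ldaphost dirserver.lab.hp.com
basedn o=hp.com
binddn cn=ypldapd,o=hp.com
ypall_caching=on
hide_passwords yes
EOF
chmod 600 "$sample"
lint_ypldapd_conf "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Run it against /opt/ldapux/ypldapd/etc/ypldapd.conf after editing the file; a return value of 0 means none of the checks fired.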

Limitations in the NIS/LDAP Client Administration 
Tools 

The entry management tools in /opt/ldapux/contrib, which allow you to
create or modify directory entries, are not currently supported. 